Abstract
Role Based Access Control (RBAC) has received considerable attention as a model of choice for simplified access control over the past decade. More recently, risk awareness in access control has emerged as an important research theme to mitigate risks involved when users exercise their privileges to access resources under different contexts such as accessing a sensitive file from work versus doing the same from home. In this paper, we investigate how to incorporate "risk" in RBAC - in particular, in RBAC sessions. To this end, we propose an extension to the core RBAC model by incorporating risk awareness in sessions where the risk is bounded by a session-based "risk-threshold." We develop a framework of models for role activation and deactivation in a session based on this threshold. Finally, we provide formal specification of one of these models by enhancing the NIST core RBAC model. © Springer-Verlag 2012.
Cite
CITATION STYLE
Bijon, K. Z., Krishnan, R., & Sandhu, R. (2012). Risk-aware RBAC sessions. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7671 LNCS, pp. 59–74). https://doi.org/10.1007/978-3-642-35130-3_5
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
